About Larry Sullivan

Larry Sullivan · 09-23-2024

Wondering if anyone has seen this issue before. Laptop on WiFi>Firepower(7.2.5) RA VPN>ISE(3.3 with posturing)Laptop will connect to VPN, issue happens on AC 4.10 and Secure Client 5.1.5.65. Once posture starts to run, at 10% mark, it will say compl...

Larry Sullivan · 08-23-2024

C9300-24UCisco IOS XE Software, Version 16.12.04Currently BW is at the below rate on a 10Gb uplink (T1/1/1) (routed)30 second input rate 104.78 mega-bits/sec , 10.79 Kpps30 second output rate 71.62 mega-bits/sec , 11.24 KppsIf I increase BW by 100Mb ...

Larry Sullivan · 12-08-2023

Can ISE limit restconf commands sent to network devices? Essentially a program was built to clear arp on ASRs and also shut/no shut specific interfaces on C9500s. Can we limit the commands to just that via ISE? I'm not tasked with implementing thi...

Larry Sullivan · 06-22-2023

Things to consider:1.) I have a TAC open for over a month now with no real movement on resolving the issue.2.) The description of the issue is short because I've spent countless hours looking into this and narrowing down the issue.We are running into...

Larry Sullivan · 11-18-2022

Hi,Anyconnect client isn't trusting the ISE certificate for posturing upon connection due to it being a self signed certificate.I have tried certificate pinning in VPN editor but that made it so I get an error upon connection saying can't connect at ...

Larry Sullivan · 10-30-2024

EDIT: Ignore the below. Looks like I'm still not sure why you're trying to do what you're trying to do and why you're doing it the way you're trying to do it. Good luck. Hope you get it sorted. To be clear, when I say active/passive I mean you h...

Larry Sullivan · 10-30-2024

They have the same tunnel IP. Seems like you're trying to do some sort of active/passive. You should give your tunnel 3 a unique IP and it's own VRF and do active/active and use a dynamic routing protocol like BGP to do the failover.

Larry Sullivan · 10-29-2024

Makes a little more sense. I'm assuming your DMVPN subnet is larger than a /24, because if it's a /24 or smaller, changing the third octet would put those spokes outside the DMVPN subnet. Also, for future reference, if your tunnel IPs and source in...

Larry Sullivan · 10-29-2024

What do you mean IP address of each tunnel is the same? The actual tunnel IPs can't be the same if they all connect to same Hub, and they need to be on the same subnet as the hub tunnel, also you will run into issues if the public IP address is the ...

Larry Sullivan · 10-29-2024

Is the backup circuit installed already and you're testing it now?Are these tunnels all on the same router?You're not testing by sharing the same public IP on VPN 1 and 3 are you?

Member Since	‎05-27-2017 12:58 PM
Date Last Visited	‎11-19-2024 04:42 PM
Posts	215
Total Helpful Votes Received	101

User Statistics

User Activity

RA VPN, ISE sending posture compliant DACL to unplugged ethernet intf

C9300-24U dropping transit ICMP when 10Gb Uplink around 200Mb.

Can ISE limit restconf commands on network devices?

c9500 Layer 2 multicast replication issue.

How to push ISE portal certificate (posture) to Anyconnect clients?

Re: DMVPN IPsec BGP tunnels with backup

Re: DMVPN IPsec BGP tunnels with backup

Re: DMVPN IPsec BGP tunnels with backup

Re: DMVPN IPsec BGP tunnels with backup

Re: DMVPN IPsec BGP tunnels with backup